CVE-2025-59403

9.8 CRITICAL

📋 TL;DR

The Flock Safety Collins Android app, which runs on Flock Safety's Falcon, Sparrow, and Bravo camera devices, exposes unauthenticated administrative HTTP endpoints on TCP port 8080. Anyone who can reach that port on the same network can reboot the device, read its logs, or enable ADB and obtain a shell on it. The outcomes are denial of service, information disclosure, and remote code execution, with no credentials or user interaction required.

💻 Affected Systems

Products:
  • Flock Safety Collins Android application
  • Flock Safety Falcon devices
  • Flock Safety Sparrow devices
  • Flock Safety Bravo devices
Versions: 6.35.31
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration; no special setup required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker enables ADB over the network, obtains a shell on the camera (root only where the build permits `adb root`), takes full control of the device, accesses stored footage and video feeds, modifies device firmware, and uses the camera as a pivot into the rest of the network.

🟠 Likely Case

Attackers on the local network reboot cameras, disrupting coverage, and pull logs that contain device details and potentially camera data.

🟢 If Mitigated

Network segmentation and firewall rules that block port 8080 from untrusted hosts remove the remote path. An attacker with physical access to the camera segment can still reach the listener, so the residual risk is confined to that segment (denial of service and the same endpoints, but only from hosts already inside it).

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests to endpoints with no authentication required; documented in public research reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: No (no device reboot; the app restarts on its own as part of the update)

Instructions:

1. Check Flock Safety security advisories for patch availability
2. Update to the patched version when released
3. Confirm the installed app version is the patched one and that port 8080 no longer answers unauthenticated requests

🔧 Temporary Workarounds

Network Access Control

linux

Apply this on the router or firewall in front of the camera subnet, not on the Android device (the cameras give the operator no shell to run iptables on). Allow TCP 8080 only from the host that legitimately manages the cameras and drop everything else; rules match in order, so the allow goes first. The camera subnet (10.0.50.0/24) and management host (10.0.10.5) are placeholders. This only helps for traffic that is routed through the gateway; hosts on the same VLAN reach the cameras directly, so pair it with VLAN isolation.

iptables -A FORWARD -s 10.0.10.5 -d 10.0.50.0/24 -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -d 10.0.50.0/24 -p tcp --dport 8080 -j DROP
ufw route allow proto tcp from 10.0.10.5 to 10.0.50.0/24 port 8080
ufw route deny proto tcp from any to 10.0.50.0/24 port 8080

Application Firewall

android

Android has no built-in inbound firewall that an operator can point at a single app, and the cameras are vendor-managed, so this is only an option where a device-management policy or a firewall app is already deployed on the device. If one is, block inbound TCP 8080 to the Collins app; otherwise rely on the network-level block above.

🧯 If You Can't Patch

  • Segment camera devices on isolated VLAN with strict access controls
  • Implement network monitoring for port 8080 traffic and block suspicious activity

🔍 How to Verify

Check if Vulnerable:

Do not use /reboot as the test against a production camera: if the device is vulnerable, the probe reboots it. From the same network, request a read-only endpoint without credentials instead, for example 'curl -s -o /dev/null -w "%{http_code}\n" http://[device_ip]:8080/logs'. A 200 with log content and no authentication means the device is vulnerable. Exercise /reboot only in a maintenance window, if at all.

Check Version:

Check app version in Android Settings > Apps > Flock Safety Collins

Verify Fix Applied:

Repeat the read-only probe. The fix is in place if the port no longer answers, or if the endpoints return 401/403 (authentication required) or 404 (endpoint removed). A 404 on one path does not prove the others are gone; check each endpoint named on this page, treating /reboot and /adb/enable as state-changing.
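A non-destructive version of this check, as an added example (not Flock Safety code): it refuses to request the state-changing /reboot and /adb/enable paths, probes only the read-only /logs path named on this page, and classifies the answer. The target host and port, the User-Agent string, and the stub server it uses to demonstrate itself offline are assumptions and constructed.

```python
"""Non-destructive probe for the unauthenticated Collins listener on TCP 8080.

Added example, not Flock Safety's code. It never requests /reboot or /adb/enable
(both change device state); it asks only for the read-only /logs path named in
this advisory and classifies the answer. Host, port, User-Agent and the stub
server used for the offline demo are assumptions / constructed.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

STATE_CHANGING = {"/reboot", "/adb/enable"}   # never probe these on a live camera
READ_ONLY_PATH = "/logs"


def probe(host, port=8080, path=READ_ONLY_PATH, timeout=3.0):
    """Unauthenticated GET; returns (status, body_length) or None if nothing answers."""
    if path.rstrip("/") in STATE_CHANGING:
        raise ValueError(f"refusing to request state-changing endpoint {path}")
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path, headers={"User-Agent": "collins-8080-check"})
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
        return resp.status, len(body)
    except (OSError, http.client.HTTPException):
        return None


def assess(result):
    """Turn a probe result into a verdict string."""
    if result is None:
        return "not-listening"          # port closed/filtered: blocked at network level
    status, body_len = result
    if status == 200 and body_len > 0:
        return "vulnerable"             # content served with no credentials
    if status in (401, 403):
        return "auth-required"          # fix in place on this endpoint
    if status == 404:
        return "endpoint-absent"        # path gone; check the others too
    return f"unexpected-{status}"


class _StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an unpatched listener: serves /logs to anyone."""

    def do_GET(self):
        body = b"constructed: device log line\n" if self.path == "/logs" else b""
        self.send_response(200 if body else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):       # keep the demo quiet
        pass


def start_stub():
    """Start the constructed listener on a free loopback port; returns the server."""
    srv = HTTPServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_stub()
    port = srv.server_address[1]
    print("/logs ->", assess(probe("127.0.0.1", port)))
    print("/nope ->", assess(probe("127.0.0.1", port, "/nope")))
    srv.shutdown()
    srv.server_close()
```

Run it against the camera's address from the segment you are worried about. A "not-listening" verdict from outside the camera VLAN only shows the network block works; it says nothing about whether the app itself is patched, so also probe from inside the segment.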

📡 Detection & Monitoring

Log Indicators:

  • Unexpected reboots of camera devices (uptime resets outside maintenance windows)
  • ADB daemon (adbd) starting on a camera, or ADB-over-TCP becoming enabled
  • Port 8080 access attempts in network logs

Network Indicators:

  • TCP connections to port 8080 on camera devices from IPs outside the management allowlist
  • HTTP requests to /reboot, /logs, /adb/enable
  • A new listener on TCP 5555 (the ADB-over-TCP default) appearing on a camera after such a request

SIEM Query:

source="network_firewall" dest_port=8080 AND (uri_path="/reboot" OR uri_path="/logs" OR uri_path="/adb/enable")

Most firewall logs carry only the 5-tuple, not uri_path; the path match needs an HTTP-aware source such as a proxy or an IDS (for example Zeek's http.log). Without that, alert on any dest_port=8080 connection to the camera subnet from a source outside the management allowlist. Where paths are available, treat a /adb/enable hit as the highest-severity event, since it yields a shell.
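The same logic as the query above, run over constructed key=value lines from an HTTP-aware log source, as an added example (not a vendor rule). It adds two things a practitioner usually needs in practice: normalisation of the URI path (trailing slash, query string) so variants still match, and an allowlist for the management host so routine maintenance does not alert. It also flags a source that reads /logs and then hits /adb/enable or /reboot. The log format, addresses and allowlist are constructed assumptions.

```python
"""Detection for unauthenticated Collins admin-API use, over HTTP-aware log lines.

Added example, not a vendor rule. Mirrors the page's SIEM query (dest_port 8080 and
the /reboot, /logs, /adb/enable paths) and adds URI normalisation plus a management
allowlist. The key=value log format, IP addresses and allowlist are constructed.
"""
import re

# severity per endpoint: enabling ADB yields a shell, reboot is DoS, logs is disclosure
WATCHED = {"/adb/enable": "critical", "/reboot": "high", "/logs": "medium"}
MGMT_ALLOWLIST = {"10.0.10.5"}          # assumed legitimate management host

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Parse one key=value log line into a dict (quoted values unquoted)."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def normalise_path(raw):
    """Strip query string and trailing slash so /reboot/?x=1 matches /reboot."""
    path = raw.split("?", 1)[0].rstrip("/")
    return path or "/"


def detect(lines, allowlist=MGMT_ALLOWLIST):
    """One alert per request to a watched path on port 8080 from a non-allowlisted source."""
    alerts = []
    for line in lines:
        ev = parse_kv(line)
        if ev.get("dest_port") != "8080":
            continue
        path = normalise_path(ev.get("uri_path", ""))
        severity = WATCHED.get(path)
        if severity is None or ev.get("src_ip") in allowlist:
            continue
        alerts.append({
            "ts": ev.get("ts"), "src": ev.get("src_ip"), "dst": ev.get("dest_ip"),
            "path": path, "severity": severity,
        })
    return alerts


def escalate(alerts):
    """Sources that read /logs and then hit /adb/enable or /reboot: recon followed by action."""
    seen_logs = set()
    escalated = set()
    for a in alerts:                     # alerts are in log order
        if a["path"] == "/logs":
            seen_logs.add(a["src"])
        elif a["src"] in seen_logs:
            escalated.add(a["src"])
    return sorted(escalated)


# constructed sample: one management read, then an intruder's recon, ADB enable and reboot
SAMPLE_LOG = [
    'ts=2025-10-01T10:00:01Z src_ip=10.0.10.5 dest_ip=10.0.50.21 dest_port=8080 uri_path=/logs action=allow',
    'ts=2025-10-01T10:00:07Z src_ip=10.0.20.44 dest_ip=10.0.50.21 dest_port=8080 uri_path=/logs action=allow',
    'ts=2025-10-01T10:00:09Z src_ip=10.0.20.44 dest_ip=10.0.50.21 dest_port=8080 uri_path="/adb/enable?x=1" action=allow',
    'ts=2025-10-01T10:00:12Z src_ip=10.0.20.44 dest_ip=10.0.50.22 dest_port=443 uri_path=/reboot action=allow',
    'ts=2025-10-01T10:00:15Z src_ip=10.0.20.44 dest_ip=10.0.50.21 dest_port=8080 uri_path=/reboot/ action=allow',
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f'{a["ts"]} {a["severity"]:8} {a["src"]} -> {a["dst"]} {a["path"]}')
    print("escalated sources:", escalate(found))
```

On the sample, the management read on the first line is suppressed by the allowlist, the port-443 line is ignored, and the three remaining requests from 10.0.20.44 produce alerts; because that host read /logs before enabling ADB, escalate() names it.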
